Spring epidemics in Skype: watch out for Bitcoin fraudsters

Kaspersky Lab experts have detected two malicious campaigns operating on Skype: in both cases cybercriminals are using social engineering methods to lure users to follow a malicious link with the promise of an interesting photo or video. Hacked or specially created Skype accounts are used to distribute the malicious links in both campaigns – one of which aims to fraudulently generate the Bitcoin virtual currency.

The first attack was launched as early as March 1, but over the past 24 hours users clicked the malicious link an average of 2.7 times per second, or 10,000 times per hour. Those clicking the links are primarily in Russia, Ukraine, Bulgaria, China, Taiwan and Italy. When analyzing the code loaded to the victim’s PC, the company’s experts found a line that mentioned ‘Bitcoin wallet’.

On Thursday, April 4 another similar attack was detected. Users were asked to follow a link, but the experts at Kaspersky Lab found that malware capable of generating the Bitcoin currency was being installed on computers. The Bitcoin currency system allows users to earn bitcoins in return for leasing out their computing resources. The virtual money can later be converted into another currency or used to pay for goods and services in online stores. Although the latest malicious campaign was only launched one day ago, it has rapidly gained momentum. By Thursday evening around 2,000 users were following the malicious link every hour, according to calculations by Dmitry Bestuzhev, Head of the Latin American Global Research & Analysis Team at Kaspersky Lab.

The geographical distribution of the attack suggests users in Italy, Russia, Poland, Costa Rica, Spain, Germany and Ukraine are the main targets of this second malicious campaign.

It seems unlikely to be a coincidence that the malicious campaign began when the Bitcoin exchange rate hit its historical peak. On April 5, the rate reached $132 per coin – a dramatic growth compared to the 2011 rate of below $2 per coin. This is too tempting for cybercriminals to ignore, says Kaspersky Lab expert Sergey Lozhkin.

“Of course cybercriminals couldn’t help but pay attention to Bitcoin. The Bitcoin currency transactions system itself implies full anonymity and that’s why cybercriminals started using it so actively. Underground forums are full of offers to buy and sell with Bitcoins. Drugs, arms, 0-day exploits, Trojans and viruses are bought and sold using the currency,” said Lozhkin. “Anonymous transactions are very hard to track and with so many currency exchange services – both legal and underground – it’s easy to lose track of the details with nobody any the wiser. This makes cybercriminals feel very safe. The Bitcoin architecture implies that more of them exists more hardware resources needed to mine. That’s why we are seeing malware that installs a Bitcoin miner module on victim computers, using their resources to mine Bitcoins and create a Bitcoin-mining botnet that could be quite a good source of income for its owner.”

Kaspersky Lab recommends that Skype users treat any messages arriving via Skype or any other Instant Messaging program with caution. Even if a message arrives from a person you know, it is possible that his/her computer has been infected and is controlled by cybercriminals. We also advise users to do the following to ensure their device stays secure: